Bulletin of Hectrical Engineering and Informatics 
Vol. 9, No. 2, April 2020, pp. 777~784 
ISSN: 2302-9285, DOI: 10.11591/eei1.v912.2086 O 777 


A lightweight security scheme for advanced metering 
infrastructures in smart grid 


S.M. Salim Reza!, Afida Ayob*, Md Murshedul Arifeen*, Nowshad Amin‘, 
Mohd Hanif Md Saad>, Aini Hussain® 
'2.5Tepartment of Electrical, Electronic & Systems Engineering, Faculty of Engineering and Built Environment, 
The National University of Malaysia, Malaysia 
“Department of Information and Communication Technology, Bangladesh University of Professionals, Bangladesh 
“Institute of Sustainable Energy, University Tenaga Nasional, Malaysia 


Article Info 
Article history: 


Received Oct 30, 2019 
Revised Dec 28, 2019 
Accepted Feb 11, 2020 


ABSTRACT 


Smart Grid (SG) enlarges the traditional power grid into a new dimension 
where millions of electronic devices relate to each other through Advanced 
Metering Infrastructures (AMI) network using imformation and 
communication technology (ICT). The integration of ICT to the traditional 
power grid opens the path for the adversaries to invade through various 
cy ber-attacks. Resource constrained electronic devices connected in AMI 
with the SG claims for faster, low power, less processing time and overall 
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the grid secure from adversaries. In this paper, a lightweight security scheme 
Se saati Me tenne has been proposed consolidating ChaCha20 data encryption method, chaos 
In rastructure based key generation and public key-based authentication scheme. 
Authentication Mathematical analysis shows that the proposed scheme is suitable to be used 
Chacha20 in SGs in terms of low power, less processing time and high throughput 
Logistic map which makes it lightweight and faster. This scheme also prevents any kind of 
Smart grid timing attacks such as replay attack. 
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1. INTRODUCTION 

Smart Grid (SG) is visualized as the next generation power grid system which itegrates 
the renewable energy sources (solar power, wind power, bio gas) with the long-established power grid 
system. It builds an enormous high speed bi-directional communication infrastructure by incorporating 
millions of electronic devices among the consumers or subscribers and the utility providers which is also 
known as AMI. Enriching the traditional power grid, SG offers realtime monitoring of energy consumption, 
ensures power flow optimization, understanding consumers energy consumption behavior, enhancing power 
transmission reliability and quality, reducing costs for electrical apphances, reduces green house gas 
emissions [1l, 2]. These significant advantages provide the utility providers to manage and handle 
the distribution of electric power in a more efficient and robust way through analyzing customers demand 
response. Various types of advanced technologies including advanced metering infrastructure (AMI), wide 
area network, private area network is forming these huge grids connected two-way communication network. 
AMLis one of the principle functional element of SG. It is responsible for collecting data fromthe customers 
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and makes a bridge between utility company and consumers. It consists of smart meter (SM) at customers 
end, communication network, meter data management system (MDMS), software applications, interfaces. 
Everyday millions of data are exchanging from customer end to the service provider end and vice vers a. This 
heavy dependability on smart communication network connected with power grid opens the loophole 
for the adversary or intruders to trespass the network and the inherent vulnerabilities of the information 
and communication network of power grid allows the attackers to launch cyber attacks which can lead 
to hazardous situation in SG. Due to the security vulnerabilities and cyber attacks the SG is suffering 
from grid instability, utility fraud, and loss of user information and energy-consumption data [3]. 
The communication between different entities in this network need to be secured or otherwise the privacy 
of the network will be breached through exposing private data to the intruders. 

Cyber attacks including wormhole attack, black hole attack, jamming attack, phishing attack etc can 
be classified as insider and outsider attacks. In case of msider attacks, the intruder takes control over 
the legitimate electronic devices to manipulate raw data, inject false message or can drop all received packets 
and also compromising legitimate devices he can launch various attacks like packet dropping attack or sink 
hole attack. In case of outsider attacks, the adversary tries to interrupt the network operation without 
accessing the network. The former one can be mitigated through trust management model but for the later 
one resource efficient security mechanism is required. However, the conventional cryptography mechanisms 
like digital signatures, PKI based scheme imposes extensive computational cost, processing delay 
and overhead [4]. It is a challenge to design efficient, robust, faster and affordable cryptography mechanism 
for AMI network in SG satisfying data confidentiality, integrity, low communication and computational 
overhead and less processing time. 

Recently, several authors have proposed that lightweight security mechanism is suitable for SG 
network and proposed various types of security mechanisms discussed in detail in review section. But most 
of the methods are proposed for only some sub infrastructures like between smart meter (SM) and service 
provider (SP) or between Cunsumer and substation. Also, some authors proposed highly complex security 
scheme like advanced encryption standard (AES) in [5] which is not resource efficient or lightweight 
to be used in AMI low cost devices. Thus, in this paper a lightweight security scheme has been proposed 
to ensure security in SG. The proposed scheme consists of data encryption scheme ChaCha20 encryption 
technique [6]. ChaCha20 is a simple stream cipher which is is secure and faster designed by Daniel J 
Bernstein [6]. The principle advantage of ChaCha2Q0 is that it is designed based on ARX (Addition, Rotation 
and XOR) cryptography technique which provides faster performance, less complexity and eliminates timing 
attack. ChaCha20 introduces simpler round functions compared to other conventional cryptography 
techniques which makes it well-suited and lightweight to be used in SG network. A chaotic map 
(one dimensional logistic map) based random number generation has been introduced. The random numbers 
generated from logistic maps are used to produce secret keys for ChaCha20 encryption algorithm. Different 
techniques are used to generate secret keys but keys based on non linear system provide better cryptography. 
As chaotic maps are non-linear, chaos based key generation increases security level and ensures good 
cryptography properties and it is difficult to crack any cipher generated through chaos based secret key [7]. 
The proposed method consists of two phase- initialization phase and information exchange phase. 
In initialization phase, the smart devices are assigned private and public keys. Before starting any 
information exchange the paired devices first authenticate themselves through exchanging public and private 
key. After verifying each other, they exchange data using lightweight strong secure cryptography scheme 
called ChaCha20. 

To provide authentication and integrity, the authors in [8] proposed a mechanism that uses low cost 
hardware named physically unclonable function (PUF) and CSI based encryption mechanism. Due 
to scalability of Smart Grid (SG), traditional security based on PKI are not suitable. Thus the literature 
proposed a non cryptography mechanism based on PUF and CSI. The proposed mechanism only focuses 
the security between smart meter and concentrator. A security mechanism is needed to be designed which 
can focus not only the security between smart meter and concentrator but also other sub infrastructures. 
A lightweight security and privacy preserving scheme based on electricity forecasting has been proposed. 
This scheme reduces communication and computation overhead. The proposed scheme is based on predicting 
the expected electricity demand for a HAN cluster. The scheme restricts the connection with the provider 
when the demand needs to be adjusted [9]. It is required to design security scheme addressing 
communication and computation overhead which is signified in this paper. The main contribution of [10] this 
paper is, the authors proposed an authentication mechanism between utility company and SM which 
enhances security of the smart grid by providing low overhead. But other parts of the smart grid network is 
not considered for security. Anonymised authentication frame work has been proposed in [11] which consists 
of an authentication scheme and an anonymisation mechanism to protect the privacy of the data. 
The proposed scheme is more resilient in terms of privacy preserving purpose in SG To achieve 
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the authentication between SM and service provider (SP), an anonymiser entity performs anonymisation 
process between them. Security mechanisms should be developed to be used in other substructures such as 
between SM and electronic devices connected with electrical appliances as wellas SM and SP. The proposed 
method in [12] ensures source authentication, data integrity, message confidentiality and non repudiation as it 
is based on public key based approach. However, Public key cryptography is complex which is not suitable 
for limited memory and processing capability of SM. It must be ensured that the designed security scheme is 
lightweight, less complex and compatible to be used in low cost electronic devices such as SM. A lightweight 
authentication protocol based on shared secret key and random nu mber has been proposed in [13] for two 
way communication between supervisory node and control node. This method can effectively prevent man 
im the middle attack and replay attack and also improves certification security of SG. PUF and one way hash 
function based lightweight cryptography scheme has been proposed in [14] that ensures secure 
communication between SM and SP. Ensures resilience against DoS attack, Man in the middle attack 
and forward secrecy. Also the authors have introduced fuzzy extractor to reduce noise from PUF. A bi-linear 
map pairing based authentication mechanism has been proposed in [15] which can overcome the limitations 
faced by the methods propose in [16]. Besides elimmating the problems, the proposed scheme can also 
ensure perfect forward privacy, message integrity, private key privacy and resiliency against replay attacks. 
To ensure mutual authentication and session keys, the authors in [17] uses bi-linear pairing technique.which 
ensures confidentiality of the communication between electrical vehicle and SG. The protocol eliminates 
centralization problems and it has comparatively better computational and communication costs. Elliptic 
curve cryptography based authentication scheme has been proposed in [16] for secure communication 
between consumers and substations. The proposed scheme provides mutual authentication with low 
computation and communication costs. But the scheme can not ensure forward secrecy and private key 
privacy [15]. An anonymous message authentication scheme has been imtroduced in [5] to overcome 
the problems faced by the methods proposed in [18]. However, here the authors proposed AES which is 
a computationally expensive encryption mechanism that requires high resources. The smart meters are unable 
to provide the resources needed by AES. Thus lightweight mechanism is required. 

In this paper, the issues that are being emphasized are extra computational cost, huge processing 
delay, overhead and resource (energy, memory) consuming security scheme for smart devices of AMI 
architecture of SG is not acceptable. A lightweight, energy efficient and faster security scheme comprising 
of ChaCha20 encryption in SG has been proposed and compared with the proposed AES based security 
method in [18]. This claim has been proven mathematically and also that ChaCha20 performs better in terms 
of computational cost, processing time and throughput than AES. Also, this scheme can be used between any 
paired devices in AMI. 


2. SMART GRID NETWORK ARCHITECHTURE 

In this section a brief overview of SG communication network architecture is presented. According 
to National Institute of Standards and Technology (NIST) the SG is comprised of seven interconnected 
domains including Bulk Generation, Transmission, Distribution, Customer, Markets, Service Provider 
and Operations [19, 20]. The first four domains are responsible for power distribution and information flows 
from tow ends. The last three are responsible for market data collection and power management. A simple 
architecture is demonstrated in Figure |. In lower layer, home area network (HAN), building area network 
(BAN) and industrial area network (IAN) is connected. In this layer all the electrical appliances 
are connected with the smart meter (SM). The SM acts as a gateway to these devices by collects electricity 
consumption data, customers demand or response data and forwards them to the power management 
authority and vice versa. The communication between the SM and the electrical appliances can be established 
through wireless or wired communication. In the middle layer, different networks from the lower layer 
are connected to a single aggregator node also known as neighborhood area network (NAN). NAN 
is responsible for forwarding all the data collected from different networks to the top layer through 
substation. In the top layer power generation unit, power distribution unit and other units like MDMS, 
demand response management system (DRMS), load management system (LMS) are situated. This domain 
distributes power, analyze customers demand, provide billing information. 


3. RESULTS METHOD 
The proposed solution comprises of three distinguished stages: Initialization Phase, Information 
Exchange Phase and Key Generation Phase. The overall security scheme is depicted in Figure 2. 
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Figure 2. Overall security scheme 


3.1. Initialization phase 

In initialization phase, each device is assigned with a public PU_i and a private key PR_i 
for authentication purpose. The SM will identify whether a device is legitimate or not through authentication 
scheme. During any session, the nodes (smart devices) connected with the electrical appliances will send 
hello message hmsg encrypted with his private key PR_i to the SM. The SM has the corresponding public 
key PU_i of that smart device. The SM will decrypt the message and send response message rmsg encrypted 
with its private key PR_i. In this way, by using simple public key and private key exchanging the devices 
will be authenticated with each other. After that, the nodes connected with the electrical appliances will share 
the secret value of parameter of the chaotic system "r", described in key generation phase. Based on this 
value the SM and the node will generate encryption and decryption keys and will use these keys in ChaCha20 
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cipher algorithm for data encryption and decryption purpose. Any paired device in the AMI network of SG 
will follow this procedure. 


3.2. Information exchange phase 

For information exchange, ChaCha20 cipher algorithm is suggested for its resource efficient 
behavior with less complexity. ChaCha20 stream cipher is the variant of Salsa20 cipher proposed in [6] 
by Daniel J Bernstein. ChaCha20 stream cipher takes plain text as input of length $16$ words and outputs 
a cipher text of length 16 words. That is cipher text (C_i)=plaint text (P_i) ChaCha20 key stream 
and the decryption is performed in the reverse way of encryption as plain text (P_i)=cipher text (C_1i) 
ChaCha20 key stream. The key stream of ChaCha20 is generated through ChaCha20 block function where 
the ChaCha20 block function performs some round function on some initial 4x 4 matrix consisting of four 4 
bytes constants, eight 4 bytes key (chaotic logistic map is used to generate keys), one 4 bytes counter value 
and three 4 bytes Nonce. The algorithm operates on four 4 bytes words at a time. ChaCha20 scrambles 
the 64 bytes (16 words) initial block through quarter round function. 20 rounds (10 column rounds 
and 10 diagonal rounds) are performed on each 16 words of a packet. Each round itself performs 4 quarter 
round operation on four 4 bytes words as follows: 


at=b; d4=a; d <<<=16; (1) 
c+t=d; b’=c; b <<<=12; (2) 
at=b; d4=a; d <<<=8&; (3) 
ct=d; b’=c; b <<<=7; (4) 


The ChaCha20 algorithm block diagram is depicted in Figure 3. 





Figure 3. ChaCha20 algorithm block diagram 


3.3. Key generation 

The logistic map is a polynomial equation which demonstrates chaotic behavior. There are various 
types of logistic maps including continuous and discrete. One dimensional logistic map which is a discrete 
time chaotic system for key generation purpose in ChaCha20 algorithm has been considered. The following 
equation demonstrates the one-dimensional logistic map [21]: 


An+1 =rx,(1 — Xy) (5) 


here, r is the system parameter and it takes value between 3.5699 to 4 because for these values the system 
enters into chaos. Figure 4 demonstrates value for various "r". 

For key generation purpose, the value of r=3.99 and initial value X_O=0.6 (its value is always 
between 0 to 1) are considered. As the ChaCha20 algorithm requires 8 number of keys, the first 8 number 
of values from the sequence generated by the logistic map equation is taken for consideration. For e xamp le- 
0.600, 0.958, 0.162, 0.543, 0.990, 0.038, 0.145, 0.496. As each key in ChaCha20 encryption algorithm is 32 
bit length, to convert the above values in 32 bit binary value each of them has to be multiplied with (2%? -1) 
equivalent decimal value and then rounded to the nearest possible number. Table 1 demonstrates this. 
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Table 1. Encryption and decryption key generation process 


Chaos value After Multiplication After Rounding Binary 
0.600 2576980377 2576980377 10011001 100110011001 100110011001 
0.958 4114578668.61 4114578668 11110101001 111110111110011101100 
0.162 695784701.79 695784701 00101001011 110001 101010011111101 
0.543 2332167241.18 2332167241 10001011 000000 100000 110001001001 
0.990 4252017622.05 4252017622 11111101011 100001010001 111010110 
0.038 163208757.21 163208757 00001001 101 110100101 111000110101 
0.145 622770257.775 622770257 00100101000 111 101011 100001010001 
0.496 2130303778.32 2130303778 01111110111110011 101 101 100100010 


4. RESULTS AND DISCUSSION 

The performance of the proposed scheme in terms of its applicability in smart grids electronic 
devices has been evaluated. The performance is mathematically analyzed in terms of computational energy 
consumption, processing time and throughput. For mathematical analysis purpose, the hardware is Intel Core 
Duo CPU 2.13 GHz processor whose operating voltage range is 0.8500V-1.5V, clock cycle or base 
frequency is 2.13 GHz. 

For the aspect of computational energy: this performance metric defines the average amount 
of energy consumed by a cryptography algorithm when it operates encryption or decryption operation, It is 
important to analyze energy efficiency as most of the wireless devices are battery powered and suffers 
from battery power limitation. Thus designing energy efficient security protocols will prolong the lifetime 
of the devices. To evaluate energy consumption of the proposed scheme and AES, the following equation 
have been utilised [22]: 


_ CC/B 


E= 
cc /S 


IV (6) 


where, CC/B denotes clock cycles per byte during encryption and decryption. CS denotes processors clock 
cycle. J defines current required in total encryption and decryption cycles and finally V is the processors 
operating voltage. 

Figure 5 shows the comparison of computational energy consumption of AES and ChaCha20. From 
the figure, it can be seen that to process 128 Byte data ChaCha20 requires 8 times lower energy than AES 
that is to process 128 Byte data AES consumes 8 Joules on the otherhand ChaCha20 consumes only | Joule 
of energy. 
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Figure 5. Comparison of energy consumption of AES 
Figure 4. Bifurcation diagram and ChaCha20 


In terms of Processing Time: Processing time defines the time required for the processor to perform 
encryption or decryption of a particular size of data. Less processing time ensures faster cryptographic 
schemes. The required time can be calculated as: 


Data Size 
= ——= (7) 
peed 
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_ cc/s 
Speed = cae (8) 


where, speed defines bytes per second or throughput. Figure 6(a) demonstrates processing time comparison 
of the two schemes. It is clear that the processing time has been drastically reduces for ChaCha20 than AES. 
Throughput refers to the amount of data that a systemcan process per unit of time. The higher the throughput 
the betterthe systemperformance. Throughput can be modeled through the following equation [23, 24]: 


Size of Data 


Throughput = (9) 


Encryption time 


From Figure 6(b) it can be seen that the throughput of ChaCha20 is much higher than AES. The proposed 
scheme has been compared with AES [25]. In future, the effects of various attacks like wormhole attack, 
black hole attack, phishing attack [26] on smart grid and their mitigation techniques could be investigated. 
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Figure 6. (a) Comparison of processing time of AES and ChaCha20, (b) Throughput comparison of AES 
and ChaCha20 


5. CONCLUSION 

In this paper, it has been shown from recent work that the electronic devices along with SM used 
in SG network are low powered and resource constrained which asserts faster, low processing time, low 
powered cryptography scheme to secure the network. To meet this demand, a ChaCha20 based lightweight 
data encryption and decryption scheme to be used in SG network has been proposed. To validate a device as 
a legitimate device, public key and private key based authentication scheme has also been proposed. Also, 
to make the existing ChaCha20 encryption method stronger, chaos based randomnumber generation method 
has been uilized. Based on these random numbers, the ChaCha20 will generate keys and perform 
cryptography operations. Through mathematical analysis, the proposed method has been proven applicable 
to be used in SG network which suffices the demands of electronic devices in SG. The proposed protocol 
is also able to eliminate any kind of timing attacks such as replay attacks as preventing timing attack is 
an inherent feature of ChaCha20. 
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